nextcloud/lib
Lukas Reschke b20174bdad Allow AppFramework applications to specify a custom CSP header
This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components.

Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers:
```php
$response = new TemplateResponse('activity', 'list', []);
$cspHelper = new ContentSecurityPolicyHelper();
$cspHelper->addAllowedScriptDomain('www.owncloud.org');
$response->addHeader('Content-Security-Policy', $cspHelper->getPolicy());
return $response;
```

Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925
2015-02-16 11:00:41 +01:00
..
l10n [tx-robot] updated from transifex 2015-02-15 01:54:31 -05:00
private Allow AppFramework applications to specify a custom CSP header 2015-02-16 11:00:41 +01:00
public Allow AppFramework applications to specify a custom CSP header 2015-02-16 11:00:41 +01:00
repair Merge pull request #13861 from owncloud/remove-disabled-files-repair-step 2015-02-10 22:46:53 +01:00
autoloader.php use Composer autoloader not OC for non-Composer 3rdparty (#9643) 2014-10-28 11:32:20 +01:00
base.php Merge pull request #13314 from owncloud/login-hook-logout 2015-01-22 23:34:19 +01:00